Kix lookup OU

$objsysinfo = createobject”ADSystemInfo”)
? “User Name: ” + $objsysinfo.username
? “Computer: ” + $objsysinfo.computername

if instr($objsysinfo.computername, “OU=”+”Computer”) and instr($objsysinfo.computername, “OU=”+”ABCComputer”)
? “Match.”
endif

Screen
User Name: CN=TestUser,CN=Users,DC=domain,DC=com
Computer: CN=PC1,OU=Computer,OU=ABCComputer,DC,domain,DC=com

Adobe Reader DC create MSI for GPO Update

Download full exe installer, AcroRdrDC1900820071_zh_TW.exe

https://get.adobe.com/tw/reader/enterprise/

Download 32bit patch, AcroRdrDCUpd2100120150.msp

https://www.adobe.com/devnet-docs/acrobatetk/tools/ReleaseNotesDC/index.html

decompress AcroRdrDC1900820071_zh_TW.exe to D:\Step1\

Create D:\Step2\ & D:\Step3\

cd D:\Step1
# msiexec /a AcroRead.msi

Install to D:\Step2\

Copy AcroRdrDCUpd2100120150.msp to D:\Step2\

# cd D:\Step2\
msiexec /a AcroRead.msi /p AcroRdrDCUpd2100120150.msp

Install to D:\Step3\

Copy D:\Step2\AcroRead.msi to D:\Step3\

Step3 is the new installer with patch 2100120150

AD GPO push msi

Make a share drive with at least “Domain Computers” permission

\\dc1.domain.com\share

Create new OU and move AD computers to this OU

Create GPO in this OU, and select msi files in FQDN share drive

(Computer Configurateion not User Configuration)

Ignore language

separate x86 & x64 msi, so we unclick “Make this 32-bit ….”

Flash Player(New & Archive)
https://www.adobe.com/hk_zh/products/flashplayer/distribution5.html
https://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html

7zip
https://www.7-zip.org/

Chrome Browser
https://chromeenterprise.google/browser/download/

自問自答:

  1. 推送完畢, 己經安裝左後, 經人手刪除軟件會否重新推送? 不會
  2. 設定GPO推送軟件前, 該電腦己經安裝了此軟件, 會如何處理? 照推送, 照安裝. (以7zip為例, 電腦1己安裝7zip 9.20, 電腦2己安裝7zip 18.06, 推送7zip 16.04, 電腦1升級至16.04, 電腦2保留18.06, 但新增移除會看到16.04, 軟件還是18.06. 其後手動由18.06安裝16.04相同結果, 所以推論GPO推送不會理會己安裝的版本, 結果會和手動安裝一樣)
  3. 在GPO刪除被推送的軟件, 在用戶端會自動刪除嗎? click “Uninstall the application when it falls out of the scope of management”
  4. 使用時間久了, 升級過很多版本, 可以刪除舊的嗎? 如果click了第3點, 就算只刪除較舊的其中一個, 所有用戶都會刪除了這個軟件, 建議是刪除全部, 再重新增加最新的版本.
  5. 軟件A ver1可以裝xp,win7,10, 軟件A ver2只可以裝win7,10, xp會點裝?
  6. categories用途

Windows 2008 R2 + Exchange 2010

ServerManagerCmd -ip D:\Scripts\Exchange-Typical.xml -Restart
Set-Service NetTcpPortSharing -StartupType Automatic
http://go.microsoft.com/fwlink/?LinkID=191548

https://technet.microsoft.com/en-us/library/bb691354%28EXCHG.140%29.aspx
https://technet.microsoft.com/zh-cn/library/bb691354%28v=exchg.141%29.aspx

get-user -filter “department” -eq ‘sales'”
get-user -filter “department” -like ‘sales*'”
get-mailbox administrator | fl name,emailaddresses
get-casmailbox

Set on behalf of and send as permission:
set-mailbox boss -grantsendonbehalfto assistant
add-adpermission boss -extendedrights send-as -user assistant
restart-server msexchangeis

Show the user forwarding status:
get-mailbox Username | fl name,forwardingaddress,delivertomailboxandforward,recipientlimits

Show each user send receive limit:
get-mailbox | ft name,maxsendsize,maxreceivesize

Global message size limit:
get-transportconfig | fl max*size,maxrecipientenvelopelimit

Add retention deleted items:
new-retentionpolicytag “tag-deleteditems” -type “deleteditems” -comment “deleted items are purged in 60 days” -retentionenabled $true -agelimitforretention 60 -retentionaction permanentlydelete

Add retention default policy:
new-retentionpolicytag “tag-default” -type all -comment “items without a retention tag are deleted in 1 year.” -retentionenabled $true -agelimitforretention 365 -retentionaction movetodeleteditems -isprimary $true

Add retention business policy:
new-retentionpolicytag “tag-businesscritical” -type personal -comment “business critical messages are moved to the archive in 3 years.” -retentionenabled $true -agelimitforretention 1095 -retentionaction movetoarchive

Add retention group:
new-retentionpolicy “RP1” -retentionpolicytaglinks “tag-deleteditems”,”tag-businesscritical”,”tag-default”

Apply to user:
set-mailbox username -retentionpolicy RP1 -confirm:$false

restart-server msexchangeis
start-managedfolderassistant

Remove retention:
set-mailbox username -retentionpolicy $null
remove-retentionpolicy RP1
get-retentionpolicytag | remove-retentionpolicytag

Grant fullright access from user1 to user2:
add-mailboxpermission user1 -accessrights fullaccess -user user2

Display all edb path
get-mailboxdatabase | fl name,edbfilepath

Show state(Clean or Drily):
eseutil /mh

Repair with transaction log:
eseutil /r E05

eseutil /p

Integrity:
eseutil /g

Checksum:
eseutil /k

Fragment:
eseutil /ms

Defragment:
eseutil /d